First, the Unix permissions are checked. If they allow the operation, SEL checks it and either permits it or denies it based on the predefined roles that you have configured.
Let's go back to the purpose of SEL. It adds mandatory access controls (MAC) to Linux. It is designed for preventing bad programs from tampering with your data and comprising other security controls you might have on your system. These bad programs include both malicious applications and badly written code.
At the same time, SEL helps minimize the damage that can be done as the result of an intrusion. The trusted operating systems (referred to in Is SEL trustworthy?)(particularly ones that are labeled C2) certainly have a form of access controls, but were not really mainstream (not mandatory, accept for B1 and higher) and also offered a limited Mandatory Access Control (MAC) model.
SEL provides a very flexible and configurable MAC to Linux. It can help you enforce critical processing on your data and also to enforce various legal restrictions, including disclosure of sensitive data. If you are a part of an organization that is concerned about securing your data, it is incumbent upon you to determine how deploying SEL can help secure your environment. If you are mandated by government and/or other regulalatory agencies to secure your data, the importance of implementing SEL becomes that much greater.
Dig Deeper on Linux servers
Related Q&A from Kenneth Milberg
Learn which makes more sense for your enterprise: building your own cloud-based diagnostic tooling or purchasing an existing product. Expert Ken ... Continue Reading
Learn about Helm Charts and how Kubernetes supports a microservices architecture. Expert Ken Milberg discusses what you need to know before delving ... Continue Reading
As blockchain matures, an ecosystem of tools continues to sprout up around it. Learn how these offerings, including the Hyperledger Fabric Client SDK... Continue Reading